CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25103 – Use-after-free vulnerabilities in lighttpd <= 1.4.50
https://notcve.org/view.php?id=CVE-2018-25103
17 Jun 2024 — There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. Existe una vulnerabilidad de use-after-free en lighttpd <= 1.4.50 que puede permitir el acceso para realizar una comparación que no distinga entre mayúsculas y minúsculas con el puntero reutilizado. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41556 – Debian Security Advisory 5243-1
https://notcve.org/view.php?id=CVE-2022-41556
28 Sep 2022 — A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. Un filtrado de recursos en el archivo gw_backend.c en lighttpd versiones 1.4.56 hasta 1.4.66, podría conllevar a una denegación de servicio (agotamiento de la ranura de conexión)... • https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37797 – Debian Security Advisory 5243-1
https://notcve.org/view.php?id=CVE-2022-37797
12 Sep 2022 — In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. En lighttpd 1.4.65, la función mod_wstunnel no inicializa un puntero de función de manejador si es recibida una petición HTTP no válida (websocket handshake). Esto conlleva a una desreferencia de puntero null que hace que el ser... • https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 76%CPEs: 3EXPL: 3CVE-2022-30780
https://notcve.org/view.php?id=CVE-2022-30780
11 Jun 2022 — Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. Lighttpd versiones 1.4.56 hasta 1.4.58, permite a un atacante remoto causar una denegación de servicio (consumo de CPU por conexiones atascadas) porque la función connection_read_header_more en el archivo connections.c presenta una errata que interrumpe el u... • https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service • CWE-682: Incorrect Calculation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22707 – Ubuntu Security Notice USN-5903-1
https://notcve.org/view.php?id=CVE-2022-22707
06 Jan 2022 — In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. En lighttpd versiones 1.4.46 hasta 1.4.63, la función mod_extforward_Forwarde... • https://redmine.lighttpd.net/issues/3134 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2019-11072
https://notcve.org/view.php?id=CVE-2019-11072
10 Apr 2019 — lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd... • http://www.securityfocus.com/bid/107907 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 39%CPEs: 13EXPL: 2CVE-2018-19052
https://notcve.org/view.php?id=CVE-2018-19052
07 Nov 2018 — An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. Se ha descubierto un problema en mod_alias_physical_handler en mod_alias.c en lighttpd en versiones anteriores a la 1.4.50. Hay un salto de directorio ../ de un úni... • https://github.com/iveresk/cve-2018-19052 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 36%CPEs: 3EXPL: 1CVE-2015-3200 – HP Security Bulletin HPSBGN03638 1
https://notcve.org/view.php?id=CVE-2015-3200
09 Jun 2015 — mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. mod_auth en lighttpd anterior a 1.4.36 permite a atacantes remotos inyectar entradas de registro largas a través de una cadena de la autenticación HTTP básica sin un caracter de dos puntos, tal y como fue demostrado por una cadena que contiene un caracter nulo y de nueva línea. Potent... • http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 78%CPEs: 11EXPL: 3CVE-2014-2324 – HP Security Bulletin HPSBGN03191 1
https://notcve.org/view.php?id=CVE-2014-2324
13 Mar 2014 — Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. Múltiples vulnerabilidades de salto de directorio en (1) mod_evhost y (2) mod_simple_vhost en lighttpd anterior a 1.4.35 permiten a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en el nombre de host, relacionado con request_check_hostname. A potenti... • https://github.com/sp4c30x1/uc_httpd_exploit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 92%CPEs: 9EXPL: 3CVE-2014-2323 – HP Security Bulletin HPSBGN03191 1
https://notcve.org/view.php?id=CVE-2014-2323
13 Mar 2014 — SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Vulnerabilidad de inyección SQL en mod_mysql_vhost.c en lighttpd anterior a 1.4.35 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del nombre de host, relacionado con request_check_hostname. A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access... • https://github.com/cirocosta/lighty-sqlinj-demo • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •